Solved

Splunk - receiving data from univ. forwarder

Posted on 2015-01-11
7
145 Views
Last Modified: 2015-01-25
Hey experts! I am evaluating Splunk for a client. I have deployed the server piece and installed the universal forwarder onto a few Windows servers. I noticed the logs from these servers appeared to not be showing in search results.

I checked the splunkd file and the last line shows a successful connection to the Splunk server. During the install wizard of the univ forwarder, I just accepted the defaults.

Is there a configuration piece I am missing?
0
Comment
Question by:Schuyler Dorsey
  • 5
  • 2
7 Comments
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543678
FYI the Univ. Forwarder sends the App, System and Security logs by default.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543687
I have an index created for wineventlog and msad. Just accepted defaults for these.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 40543708
I think I got it. After rebooting the indexer, some logs are appearing in search results. Will monitor to confirm resolution.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 62

Expert Comment

by:btan
ID: 40545874
if you check the output.conf comments, it stated "# You must restart Splunk to enable configurations."

http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Outputsconf

also it stated restart forwarder for some configuration changes.

http://docs.splunk.com/Documentation/Splunk/6.2.1/Forwarding/Deploymentoverview#General_configuration_issues
0
 
LVL 10

Accepted Solution

by:
Schuyler Dorsey earned 0 total points
ID: 40559577
I fixed this by adjusting my inputs.conf. My stanzas had an error in them.
0
 
LVL 62

Expert Comment

by:btan
ID: 40559710
thanks for sharing hope my post has help though
0
 
LVL 10

Author Closing Comment

by:Schuyler Dorsey
ID: 40569007
Correct answer.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now